Cognition's experience building its AI agent, Devin, revealed that full virtual machines are necessary for robust security and complex tasks. Docker containers lack a true security boundary and struggle with nested environments (e.g., Docker-in-Docker), which are common in real-world application testing.

Related Insights

To unlock their full intelligence, AI agents require broad access to compute resources—like a sandboxed computer—not just a single tool or database. Providing only limited access wastes their cognitive capacity. The challenge is enabling this power securely, requiring innovations like new types of firewalls.

Running multiple, complex AI coding agents simultaneously is computationally prohibitive on local machines. Stripe's success relies on their ability to spin up numerous isolated cloud development environments in parallel, a crucial investment for any team serious about agentic engineering.

As AI generates more code than humans can review, validation becomes the bottleneck. The solution is providing agents with dedicated, sandboxed environments to run tests and verify functionality before a human sees the code, shifting review from process to outcome.

Cursor discovered that agents need more than just code access. Providing a full VM environment—a "brain in a box" where they can see pixels, run code, and use dev tools like a human—was the step-change needed to tackle entire features, not just minor edits.

Instead of using local machines like Mac Minis, host client agents in isolated cloud virtual machines (e.g., via Orgo). This provides a secure, sandboxed environment and allows you (and your own management agent) to remotely access, debug, and update all client agents from a single platform, making fulfillment vastly more efficient.

The 'out of the box' architecture, where an agent's logic runs separately from its sandboxed execution environment, is more complex but offers superior security and reusability. This prevents agent secrets from being exposed in the execution environment and allows leveraging existing developer setups.

To address security concerns, powerful AI agents should be provisioned like new human employees. This means running them in a sandboxed environment on a separate machine, with their own dedicated accounts, API keys, and access tokens, rather than on a personal computer.

The true capability of AI agents comes not just from the language model, but from having a full computing environment at their disposal. Vercel's internal data agent, D0, succeeds because it can write and run Python code, query Snowflake, and search the web within a sandbox environment.

Claude Cowork runs in a lightweight VM on the user's machine. This "subcomputer" concept provides a secure, sandboxed environment where the AI can install tools and operate freely without compromising the host system or requiring complex cloud permissions for every local resource.

As AI agents evolve from information retrieval to active work (coding, QA testing, running simulations), they require dedicated, sandboxed computational environments. This creates a new infrastructure layer where every agent is provisioned its own 'computer,' moving far beyond simple API calls and creating a massive market opportunity.